github.com/oauth2-proxy/oauth2-proxy/v7 is vulnerable to Server-side Request Forgery (SSRF)
85
High Risk
Affected versions of this package are vulnerable to server-side request forgery (SSRF) via header smuggling. Authenticated users can inject underscore variants of X-Forwarded-* headers (e.g., X_Forwarded-For) that bypass the normal stripping logic, allowing privilege escalation or impersonation of upstream clients.
You are affected if you are using a version that falls within the vulnerable range.
github.com/oauth2-proxy/oauth2-proxy/v7 is vulnerable to Server-side Request Forgery (SSRF) in versions 7.0.0 - 7.12.0.
Upgrade the github.com/oauth2-proxy/oauth2-proxy/v7 library to a patched version.
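
The stripping bypass described above can be reproduced and closed in a few lines of Go. This is an added example, not oauth2-proxy's code or its patch; it assumes the upstream application treats `_` and `-` in header names as equivalent, and the deny-list and request values are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Constructed deny-list (lower-case, hyphenated); not oauth2-proxy's actual list.
var stripped = map[string]bool{"x-forwarded-for": true, "x-forwarded-email": true, "x-forwarded-user": true}

// normalize folds a name the way an underscore-folding upstream would read it.
func normalize(name string) string {
	return strings.ToLower(strings.ReplaceAll(name, "_", "-"))
}

// stripExact is the weak pattern: only the hyphenated spellings are deleted.
func stripExact(h http.Header) {
	for name := range stripped {
		h.Del(name)
	}
}

// stripNormalized deletes every header whose normalized name is listed; returns the count.
func stripNormalized(h http.Header) int {
	removed := 0
	for name := range h {
		if stripped[normalize(name)] {
			delete(h, name)
			removed++
		}
	}
	return removed
}

// sample builds a constructed client request; all values are made up.
func sample() http.Header {
	h := http.Header{}
	h.Set("X-Forwarded-For", "203.0.113.7")
	h.Set("X_Forwarded-For", "127.0.0.1")
	h.Set("X-Forwarded_Email", "admin@example.com")
	h.Set("Accept", "text/html")
	return h
}

func main() {
	weak, fixed := sample(), sample()
	stripExact(weak)
	fmt.Println("missed by exact match:", stripNormalized(weak), "removed by normalized:", stripNormalized(fixed))
}
```

The same normalized comparison can be run against captured request headers at the upstream to check whether any underscore variant still arrives after the proxy.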